[K12OSN] Re: SMB/LDAP management with Webmin Users and Groups module (Peter Hartmann)

Paul Lemke lists at paulandmichelle.net
Tue Jul 11 02:21:44 UTC 2006

I made the mistake of trying to set up smb/ldap myself... of course I failed.
But I did run into the dbus stuff. Here is the fedora bug for that and the
solution I used was comment #14:


Anyways, I just tried the smbldap-installer you have listed here and I get to
the point where it tries to connect to the ldap server during the "populate"
step. Here is the line in the log: 

Running smbldap-populate...erreur LDAP: Can't contact master ldap server
(IO::Socket::INET: connect: Connection refused) at
/usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 282.



-----Original Message-----
From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf
Of Matt Oquist
Sent: Sunday, July 09, 2006 5:41 PM
To: k12osn at redhat.com
Subject: [K12OSN] Re: SMB/LDAP management with Webmin Users and Groups module
(Peter Hartmann)

Yes, awesome indeed. I'm very close to a drastic update to the

* FC5 support is still suffering from the "System Messaging Bus" delay
  (timeout of some sort) at startup, which seems to be related to the
  LDAP client configuration. Anybody who runs
  http://www.majen.net/smbldap/archive/smbldap-installer-2.1.tgz and
  then debugs the problem can let me know and save me some time
  figuring this out. :)
* Automated configuration of fully-replicating PDC/BDC is almost done!
* The Ubuntu client config won't ask any questions any more. (Wish I'd
  figured this out months ago; it's not hard.)

Anyhow, I'd love to help automate a Webmin configuration for
Samba/LDAP and I'll be referring back to these notes when I get to
that (which may be a while).

I'm going to do my darndest to get the next release out before the UNH
NELS, which starts a week from tonight.


> Wow! Thanks Jim this is awesome!  I just created a test user via batch
> file.  It's funny though if I try and add a user to the ldap database
> that's already a user on the system it returns : "Duplicate username
> at line 1 : [user]"  Question: Why should the ldap database care
> what's in /etc/passwd?   This machine is going to be a stand-alone
> ldap server so it's not set to authenticate to the ldap database.
> Umm..I don't have to set it for ldap auth do I?
> Thanks,
> Peter
> On 8/8/05, Jim Kronebusch <jim at winonacotter.org> wrote:
> > You can add/modify/delete users and groups from the LDAP Users and
> > groups module.  Below I will show my settings for the module as
> > configured for version 2.0-alpha of the smb/ldap installer scripts.  The
> > add users via batch section is all that needs work now.  It appears to
> > leave out the Samba account options when run.  I emailed Jamie Cameron
> > to see if he can let me know how to make this work.  Anyhow with the
> > settings below I am able to login via Linux, via an OSX LDAP enabled
> > machine, and join a Windows Machine to the domain and login.  I will
> > list only fields where I have made changes from the default.  This is
> > also with the newest stable version of webmin.  Disk quotas will also be
> > able to be managed via the Webmin Disk Quota module, provided that under
> > the Disk and Network Filesystems you have enabled User or Group quotas,
> > and subsequently enabled Disk Quotas under the Disk Quotas module.
> >
> > Also in discussion with Jamie Cameron I was informed that the variables
> > ${USER} and ${UID} can be used to substitute username and user id
> > respectively anywhere in the webmin module configuration.
> >
> > Here goes:
> >
> > Linux LDAP NSS library config file: /etc/ldap.conf
> > Bind to LDAP server as: cn=manager,dc=yourdomain,dc=org
> > Credentials for bind name above: On first access click Set to and enter
> > your smb/ldap password as set during script installation, after first
> > entry leave set to Don't change
> > Base for users: ou=Users,dc=yourdomain,dc=org
> > Base for groups: ou=Groups,dc=yourdomain,dc=org
> > Other objectClasses to add to new users: top inetOrgPerson
> > Full path to slappasswd program: /usr/sbin/slappasswd
> > LDAP properties for all new users: sn: ${USER}
> > Lowest UID for new users: 1000
> > Default primary group for new users: Domain Users
> > Default secondary groups for new users: Domain Users
> > Default shell for new users: /bin/bash
> > LDAP object class for Samba users: sambaSamAccount
> > Enabled Samba account by default?: Yes
> > Domain SID for Samba3: S-1-5-21-699950680-3956470712-3012135405 (Please
> > use your own sambaSID here :-)
> > LDAP properties for new Samba users:
> > sambaLogonScript: startup.bat
> > sambaProfilePath: \\YOURDOMAIN-PDC\profiles\${USER}
> > sambaHomePath: \\YOURDOMAIN-PDC\homes\${USER}
> > sambaHomeDrive: X:
> > LDAP object class for Samba groups: sambaGroupMapping
> >
> > Well I hope that helps others out to get webmin working.  For now this
> > will at least work with using the command line bulk-add scripts to add
> > the largest population, then webmin for smaller changes.  I will post
> > out if I get a fix from Jamie.  Or if anyone else tries this let me know
> > if you can get the batch import to work.
> >
> > Also I found that to get default OSX settings out you can create a
> > Library folder in /etc/skel and copy the files you want to default into
> > that folder.  Say you create a custom dock you can take Macintosh
> > HD:Users:test user:Library:Preferences:com.apple.dock.plist and move it
> > to /etc/skel/Library/Preferences/com.apple.dock.plist on the linux
> > server and all new users will receive the custom dock.
> >
> > Also since OSX and Linux use the same desktop folder and same /home by
> > default I will try to create scripts to make the windows desktop point to
> > /home/user/desktop and to point My Documents to /home/user.  This should
> > make profile roaming seamless between Ops.  I think I can for the most
> > part use the scripts posted in the last couple weeks.
> >
> >
> > Jim Kronebusch
> > Cotter Tech Department
> > 507-453-5188
> > jim at winonacotter.org
Open Source Software Engineering Consultant
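
Added example, not part of the original messages and not Webmin's or smbldap-installer's code: a Python sketch of how the ${USER} and ${UID} placeholders in the settings quoted above expand into per-user LDAP properties, with the login name validated and DN-escaped first so that it cannot alter the entry's DN or the UNC paths. The username policy, the uid=<login> naming of entries and the function names are assumptions made for the illustration.

```python
import re
from string import Template

# Values copied from the module settings quoted above; "yourdomain" and
# "YOURDOMAIN-PDC" are that message's own placeholders.
USER_BASE = "ou=Users,dc=yourdomain,dc=org"
PROPERTY_TEMPLATES = {
    "sn": "${USER}",
    "sambaLogonScript": "startup.bat",
    "sambaProfilePath": r"\\YOURDOMAIN-PDC\profiles\${USER}",
    "sambaHomePath": r"\\YOURDOMAIN-PDC\homes\${USER}",
    "sambaHomeDrive": "X:",
}

# Assumed policy (not from the thread): conservative POSIX-style login names.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = re.sub(r'([\\",+;<>])', r"\\\1", value).replace("\x00", "\\00")
    if out[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def render_user(user, uid):
    """Return (dn, attributes) for one new account, or raise ValueError."""
    if not USERNAME_RE.fullmatch(user):
        raise ValueError(f"rejected username: {user!r}")
    values = {"USER": user, "UID": str(uid)}
    attrs = {name: Template(tmpl).substitute(values)
             for name, tmpl in PROPERTY_TEMPLATES.items()}
    # Assumption: entries are named by uid=<login> under the users base.
    dn = f"uid={escape_rdn_value(user)},{USER_BASE}"
    return dn, attrs


if __name__ == "__main__":
    dn, attrs = render_user("jdoe", 1000)  # constructed sample account
    print("dn:", dn)
    for name, value in attrs.items():
        print(f"{name}: {value}")
```

Running the same validation over a batch file before import catches names that would otherwise end up inside a DN or a profile path unchecked.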
